Magazine article Security Management

Taking the Disaster out of Recovery

Magazine article Security Management

Taking the Disaster out of Recovery

Article excerpt

Taking the Disaster Out of Recovery

DECEMBER 1986: A BUILDING FIRE short-circuits the data processing operations of Putnam Investor Services Inc. in Boston. * August 1987: A submerged power substation cuts off power to First Chicago Bank as that city is hit by the heaviest rainfall in its history. * May 1988: A three-alarm fire breaks out in the computer center of Philadelphia's Provident National Bank, jeopardizing all critical applications. * September 1989: Hurricane Hugo sweeps over Robert Bosch Corporation in Charleston, SC, collapsing a roof and flooding its data center. * October 1989: The San Francisco earthquake damages the power lines to Charles Schwab Corporation, causing a complete power outage.

These were all disasters, but the companies recovered, with some help. Just think about those that didn't. Consider these statistics:

* The average company loses 2-3 percent of its gross sales within eight days of a sustained computer outage.

* The average company that experiences a computer outage lasting longer than 10 days never fully recovers. Fifty percent go out of business within five years.

* The chances of experiencing a disaster affecting the corporate data processing center are one in 100.(1)

Disaster recovery. Those are two vital words in today's security managers' and directors' vocabulary. Nowadays these people can't be without a disaster recovery plan or they may soon be without a job.

"It is generally known that the directors of corporations are personally at risk for the actions or inactions of the corporations they direct," explains Randall C. Miller, executive vice president, general counsel, and chief operating officer of CompuSource. "It is not as well known that senior managers, agents, and sometimes employees are also at risk. When there is a catastrophic loss because of a data processing disaster, it is likely that the vice president or manager of MIS can be held personally liable for the loss if there are actions he should have taken to avoid the loss but did not."(2)

"Numerous court cases in which disgruntled shareholders sued officers, directors, and agents for alleged wrong-doing developed the common law standard called the |Prudent Man Rule,'" continues Miller. "It requires officers, directors, and agents to discharge their duties with the diligence and care that ordinary, prudent men would exercise under similar circumstances."(3)

Aside from the legal ramifications of neglecting to safeguard vital data, disaster recovery planning is a business necessity. Simply put, business relies on computers more than ever before and will continue to do so.

"It doesn't matter what you call it--automated data processing or management information services--the life of a business or organization is at risk without disaster management," stresses Robert J. Russo, CPP, chairman of the ASIS Standing Committee on Disaster Management. "Government has already recognized the need for disaster recovery planning. But," he adds, "private industry has been slower despite some notable successes in disaster recovery."

Russo stresses the need for disaster recovery services in the full scope of continuous business operations. "Some well-developed plans are bound by turf--where, say, the MIS department is responsible for information up to a certain point, such as backups. The next level up, perhaps those in charge of data transmission, doesn't include data recovery as its responsibility. A continuous flow of recovery needs to be established."

Disaster recovery experts recognize this need due to sheer data base dependence. "More and more companies rely on data centers to do business," explains Judith Eckles, director of corporate communications for SunGard Recovery Services, located in Wayne, PA. "With this increasing reliance on technology and pressure from the financial sector that mandates disaster recovery procedures or threatens possible lawsuits, you can't conduct business without disaster recovery in place. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.